Merge pull request #991 from hmrc/BDOG-2908

BDOG-2908 add request new vpn button for team admins

Author: jordanrowe

app/uk/gov/hmrc/cataloguefrontend/connector/UserManagementConnector.scala

@@ -102,3 +102,12 @@ class UserManagementConnector @Inject()(
       .flatMap:
         case Right(res) => Future.successful(res)
         case Left(err)  => Future.failed(RuntimeException(s"Request to $url failed with upstream error: ${err.message}"))
+
+  def requestNewVpnCert(username: UserName)(using HeaderCarrier): Future[Option[String]] =
+    val url: URL = url"$baseUrl/user-management/users/$username/vpn"
+    httpClientV2
+      .post(url)
+      .execute[Either[UpstreamErrorResponse, JsValue]]
+      .flatMap:
+        case Right(json) => Future.successful((json \ "ticket_number").validate[String].asOpt)
+        case Left(err)   => Future.failed(RuntimeException(s"Request to $url failed with upstream error: ${err.message}"))

app/uk/gov/hmrc/cataloguefrontend/users/UsersController.scala

@@ -23,21 +23,23 @@ import uk.gov.hmrc.cataloguefrontend.auth.CatalogueAuthBuilders
 import uk.gov.hmrc.cataloguefrontend.config.UserManagementPortalConfig
 import uk.gov.hmrc.cataloguefrontend.connector.UserManagementConnector
 import uk.gov.hmrc.cataloguefrontend.model.{TeamName, UserName}
-import uk.gov.hmrc.cataloguefrontend.users.view.html.{UserInfoPage, UserListPage, UserSearchResults}
+import uk.gov.hmrc.cataloguefrontend.users.view.html.{UserInfoPage, UserListPage, UserSearchResults, VpnRequestSentPage}
 import uk.gov.hmrc.cataloguefrontend.view.html.error_404_template
 import uk.gov.hmrc.http.UpstreamErrorResponse
 import uk.gov.hmrc.internalauth.client.{FrontendAuthComponents, IAAction, Resource, ResourceType, Retrieval}
 import uk.gov.hmrc.play.bootstrap.frontend.controller.FrontendController
 
 import javax.inject.{Inject, Singleton}
 import scala.concurrent.{ExecutionContext, Future}
+import scala.util.control.NonFatal
 
 @Singleton
 class UsersController @Inject()(
   userManagementConnector: UserManagementConnector
 , userInfoPage           : UserInfoPage
 , userListPage           : UserListPage
 , userSearchResults      : UserSearchResults
+, vpnRequestSentPage     : VpnRequestSentPage
 , umpConfig              : UserManagementPortalConfig
 , override val mcc       : MessagesControllerComponents
 , override val auth      : FrontendAuthComponents
@@ -80,6 +82,31 @@ class UsersController @Inject()(
     val teams = retrieval.fold(Set.empty[TeamName])(_.map(_.resourceLocation.value.stripPrefix("teams/")).map(TeamName.apply))
     teams.contains(TeamName("*")) || teams.exists(user.teamNames.contains) // Global admin or admin for user's team
 
+  val requestNewVpnCert: Action[AnyContent] =
+    BasicAuthAction.async: request =>
+      given RequestHeader = request
+      auth.verify(Retrieval.locations(
+        resourceType = Some(ResourceType("catalogue-frontend")),
+        action       = Some(IAAction("CREATE_USER"))
+      )).flatMap: retrieval =>
+        request.body.asFormUrlEncoded.flatMap(_.get("username").flatMap(_.headOption)).map(UserName.apply)
+          .fold(
+            Future.failed(RuntimeException("Could not request a new vpn certificate as hidden username form field was empty"))
+          ): username =>
+            userManagementConnector.getUser(username).flatMap:
+              case Some(user) =>
+                if(isAdminForUser(retrieval, user)) then
+                  userManagementConnector.requestNewVpnCert(username)
+                    .map(ticketOpt => Created(vpnRequestSentPage(user, ticketOpt)))
+                    .recover:
+                      case NonFatal(e) =>
+                        logger.error(s"Error requesting new VPN certificate: ${e.getMessage}", e)
+                        Redirect(routes.UsersController.user(username)).flashing("error" -> "Error requesting VPN Certificate. Contact #team-platops")
+                else
+                  Future.successful(Redirect(routes.UsersController.user(username)).flashing("error" -> "Permission denied"))
+              case _          =>
+                Future.successful(Redirect(routes.UsersController.user(username)).flashing("error" -> "Unable to find user"))
+
   val users: Action[AnyContent] =
     BasicAuthAction.async: request =>
       given RequestHeader = request

app/uk/gov/hmrc/cataloguefrontend/users/view/UserInfoPage.scala.html

@@ -31,6 +31,13 @@
 )
 
 @standard_layout(user.username.asString, active = "users") {
+  @request.flash.get("error").map { msg =>
+    <div class="alert alert-danger alert-dismissible fade show mt-2" role="alert">
+        @msg
+        <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+    </div>
+  }
+
   <h1 class="page-heading mt-4">@user.username.asString</h1>
 
   <section class="section-wrapper">
@@ -124,60 +131,93 @@ <h1 class="page-heading mt-4">@user.username.asString</h1>
               <div class="row mb-3">
                   <div class="col-md-4">
                       <div class="card mb-4">
-                          <div class="card-header">
+                          <div class="card-header d-flex justify-content-between align-items-center">
                               <div class="h4 mb-0">Tooling</div>
-                          </div>
-
-                          <div class="card-body">
                               @if(canCreateUsers) {
-                                  <div class="btn-group float-end" role="group">
+                                  <div>
                                       <a class="btn btn-success" href="@userRoutes.EditUserController.editUserLanding(user.username, user.organisation)">Edit</a>
                                   </div>
                               }
-                          <ul class="list-unstyled">
-                              <li>
-                                  <span class="glyphicon glyphicon-@{
-                                      if(userAccess.vpn) "ok text-success" else "minus text-secondary"
-                                  } me-2"></span>
-                                  <strong>VPN</strong>
-                              </li>
-                              <li>
-                                  <span class="glyphicon glyphicon-@{
-                                      if(userAccess.jira) "ok text-success" else "minus text-secondary"
-                                  } me-2"></span>
-                                  <strong>Jira</strong>
-                              </li>
-                              <li>
-                                  <span class="glyphicon glyphicon-@{
-                                      if(userAccess.confluence) "ok text-success" else "minus text-secondary"
-                                  } me-2"></span>
-                                  <strong>Confluence</strong>
-                              </li>
-                              <li>
-                                  <span class="glyphicon glyphicon-@{
-                                      if(userAccess.devTools) "ok text-success" else "minus text-secondary"
-                                  } me-2"></span>
-                                  <strong>Developer Tools</strong> <i>(Kibana, Grafana, Jenkins)</i>
-                              </li>
-                              <li>
-                                  <span class="glyphicon glyphicon-@{
-                                      if(userAccess.googleApps) "ok text-success" else "minus text-secondary"
-                                  } me-2"></span>
-                                  <strong>Google Workspace</strong> <i>(Gmail, Calendar, Hangouts, Drive etc)</i>
-                              </li>
-                              <li>
-                                  <abbr style="text-decoration: none;
-                                      border-bottom: none;" title="Unable to determine if BitWarden access has been granted">
-                                      <span class="glyphicon glyphicon-question-sign me-2"></span>
-                                  </abbr>
-                                  <strong>Bitwarden</strong>
-                              </li>
-                          </ul>
                           </div>
+                        
+                          <div class="card-body">
+                              <ul class="list-unstyled">
+                                  <li>
+                                      <span class="glyphicon glyphicon-@{
+                                          if(userAccess.vpn) "ok text-success" else "minus text-secondary"
+                                      } me-2"></span>
+                                      <strong>VPN</strong>
+                                  </li>
+                                  <li>
+                                      <span class="glyphicon glyphicon-@{
+                                          if(userAccess.jira) "ok text-success" else "minus text-secondary"
+                                      } me-2"></span>
+                                      <strong>Jira</strong>
+                                  </li>
+                                  <li>
+                                      <span class="glyphicon glyphicon-@{
+                                          if(userAccess.confluence) "ok text-success" else "minus text-secondary"
+                                      } me-2"></span>
+                                      <strong>Confluence</strong>
+                                  </li>
+                                  <li>
+                                      <span class="glyphicon glyphicon-@{
+                                          if(userAccess.devTools) "ok text-success" else "minus text-secondary"
+                                      } me-2"></span>
+                                      <strong>Developer Tools</strong> <i>(Kibana, Grafana, Jenkins)</i>
+                                  </li>
+                                  <li>
+                                      <span class="glyphicon glyphicon-@{
+                                          if(userAccess.googleApps) "ok text-success" else "minus text-secondary"
+                                      } me-2"></span>
+                                      <strong>Google Workspace</strong> <i>(Gmail, Calendar, Hangouts, Drive etc)</i>
+                                  </li>
+                                  <li>
+                                      <abbr style="text-decoration: none;
+                                          border-bottom: none;" title="Unable to determine if BitWarden access has been granted">
+                                          <span class="glyphicon glyphicon-question-sign me-2"></span>
+                                      </abbr>
+                                      <strong>Bitwarden</strong>
+                                  </li>
+                              </ul>
+                          </div>
+                          @if(canCreateUsers) {
+                            <div class="card-footer">
+                                <div class="d-flex justify-content-between">
+                                    <button type="button" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#vpnModal">
+                                        Request VPN Certificate
+                                    </button>
+                                </div>
+                            </div>
+                          }
                       </div>
                   </div>
               </div>
           }
       }
   </section>
+
+  <div class="modal fade" id="vpnModal" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="vpnModalTitle" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title" id="vpnModalTitle">Request New VPN Certificate</h5>
+                <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <p>You are about to request a new VPN certificate for @user.username.asString.</p>
+                <p>If you continue you will invalidate @{user.username.asString}'s existing certificate.</p>
+                <p>To proceed click 'Submit' and a new certificate will be sent to @user.primaryEmail shortly.</p>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                <form id="vpn-form" method="post" action="@userRoutes.UsersController.requestNewVpnCert">
+                    @csrfFormField
+                    <input name="username" type="hidden" value="@user.username.asString">
+                    <button id="vpn-submit" class="btn btn-success" type="submit">Submit</button>
+                </form>
+            </div>
+        </div>
+    </div>
+  </div>
 }

app/uk/gov/hmrc/cataloguefrontend/users/view/VpnRequestSentPage.scala.html

@@ -0,0 +1,47 @@
+@*
+ * Copyright 2023 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *@
+
+@import uk.gov.hmrc.cataloguefrontend.users.{routes => usersRoutes}
+@import uk.gov.hmrc.cataloguefrontend.users.User
+
+@this()
+
+@(user     : User,
+  ticketOpt: Option[String]
+)(implicit
+  request          : RequestHeader
+)
+
+@standard_layout("Request a new VPN certificate", active = "users") {
+
+  <section class="section-wrapper">
+    <h1 class="page-heading mt-4">Request Sent</h1>
+
+    <p>You have requested that a new VPN certificate be created for @user.username.asString and sent to @user.primaryEmail</p>
+
+    @ticketOpt match {
+      case Some(ticket) => {
+        <p>To review the progression of this request and check the users details are correct, please view the <a target="_blank" href="https://jira.tools.tax.service.gov.uk/browse/@ticket">@ticket</a> Jira ticket.</p>
+      }
+      case _ => {
+        <p>To review the progression of this request and check the users details are correct, please view the <a target="_blank" href="https://jira.tools.tax.service.gov.uk/projects/ACRS/issues/ACRS">ACRS Jira Board</a>.</p>
+      }
+    }
+
+    <a href="@usersRoutes.UsersController.users" class="btn btn-secondary" role="button">Back to Users Page</a>
+
+  </section>
+}

conf/app.routes

@@ -136,6 +136,7 @@ GET        /vulnerabilities/timeline                     uk.gov.hmrc.cataloguefr
 GET        /users                                        uk.gov.hmrc.cataloguefrontend.users.UsersController.users
 GET        /users-search                                 uk.gov.hmrc.cataloguefrontend.users.UsersController.userSearch(query: String)
 GET        /users/:username                              uk.gov.hmrc.cataloguefrontend.users.UsersController.user(username: UserName)
+POST       /users/new-vpn-cert                           uk.gov.hmrc.cataloguefrontend.users.UsersController.requestNewVpnCert
 
 GET        /users/edit-user/access                       uk.gov.hmrc.cataloguefrontend.users.EditUserController.editUserLanding(username: UserName, organisation: Option[String] ?= None)
 POST       /users/edit-user/access                       uk.gov.hmrc.cataloguefrontend.users.EditUserController.editUserAccess(username: UserName, organisation: Option[String] ?= None)